Kibana not prompting Basic Auth creds


I’m not sure what I’m doing wrong. I have readonlyrest set up and working with LDAP auth, I have Kibana set up with a full access user. If I use postman to trigger a GET request with basic auth headers it works, but if I browse to kibana I don’t get prompted for credentials. I only get

{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred"}

Config as follows:

discovery.zen.minimum_master_nodes: "1"
  - ""
gateway.expected_nodes: "1"
gateway.recover_after_nodes: "1" "_enp0s8_" rest01 /usr/share/elasticsearch/data/elasticsearch
path.logs: /var/log/elasticsearch
  - auth_key: elasticsearch:elasticsearch
    name: "::KIBANA-SRV::"
    type: allow
  - indices:
      - "*"
      - groups:
          - ipausers
        name: < removed >
    name: "Allow all requests from users in ipausers"
    type: allow
    kibana_access: rw
readonlyrest.enable: "true"
  - bind_dn: "uid=elastic,cn=sysaccounts,cn=etc,< removed >"
    bind_password: < removed >
    host: < removed >
    name: < removed >
    port: "636"
    search_groups_base_DN: "cn=groups,cn=accounts,< removed >"
    search_user_base_DN: "cn=users,cn=accounts,< removed >"
    ssl_enabled: "true"
    ssl_trust_all_certs: "true"
    unique_member_attribute: member
readonlyrest.response_if_req_forbidden: "Sorry, your request is forbidden."
readonlyrest.ssl.enable: "true"
readonlyrest.ssl.keystore_file: /elasticsearch/plugins/readonlyrest/keystore.jks
readonlyrest.ssl.keystore_pass: readonlyrest
# Note: This file is managed by Puppet.
# See: for more details
elasticsearch.password: elasticsearch
elasticsearch.preserveHost: true
elasticsearch.username: elasticsearch
server.port: 5601


Nevermind. I resolved the issue, I was using elasticsearch and kibana 5.1.1

Can we add something to the documentation to make it more obvious that the plugin is incompatible with 5.1.1?

(Simone Scarduzio) #3

When you got that error on Kibana side, did you have an error in the Elasticsearch logs as well?

For the records, 5.1.1 should work as well.